Timeline: Toyota Faces More Battles in Liability War

MADISON, Wis. — The Oklahoma jury verdict in Toyota's sudden acceleration case, in which the automaker was found liable for the first time since it started recalling millions of vehicles in 2009, could turn the tide for hundreds of cases still waiting for trial in multidistrict litigation (MDL) in the federal court in Santa Ana, Calif.

Bookout v. Toyota is noteworthy because this is the first time a real jury heard the case and delivered a verdict. More importantly, the case is significant not so much because of the verdict as because the plaintiffs' lawyers went to trial alleging that a software defect contributed to unintended acceleration.

Calling the Oklahoma case an outlier, as has been suggested by some of Toyota's defenders, is probably premature.

"I think this [verdict] will give momentum" to many other personal injury and wrongful death cases waiting for trial, Carl Tobias, a professor at the University of Richmond School of Law, told us. However, "a number of additional jury trials" will have to take place before we can determine what the Oklahoma case means and before we might see a broader settlement by Toyota.

Numerous outside experts claimed in the past that the sudden acceleration events could be caused by an electronic defect in Toyota vehicles. But for a long time, no evidence was made public to prove that theory conclusively. The Oklahoma verdict has shown a way to break down the complex software issue in the electronic throttle system and explain it to a jury, thus establishing it as a central issue for a number of cases in which plaintiffs have said floor mats and sticky pedals can't explain their accidents.

A defect in the Toyota electronic throttle system has become the focus of arguments by plaintiffs' attorneys in the cases in the multidistrict litigation.

Toyota's victory
Toyota won many unintended acceleration cases over the last few years. It successfully blamed the problems on driver error, faulty floor mats, or stuck accelerator pedals. In parallel, however, it settled other cases.

In cases in which the plaintiffs' attorneys submitted a full report on a flaw in the vehicle's electronic throttle control system, a pattern emerged: Toyota opted to settle before the case went to trial.

The first settlements came in December 2012, when Toyota agreed to pay more than $1 billion to resolve hundreds of lawsuits claiming economic losses vehicle owners suffered as a result of the recall. However, that settlement did not resolve hundreds more lawsuits involving wrongful death and injury.

The first Toyota settlement in one of those cases came early in January in Van Alfen v. Toyota Motor Corp., No. 2:11-8120. That case, scheduled for trial in February, would have been the first personal injury case in the multidistrict litigation to go to trial. It would have served as a bellwether for many other lawsuits that have been consolidated before US District Judge James Selna.

Paul Van Alfen was driving a Toyota Camry on Interstate 80 near Wendover, Utah, on Nov. 5, 2010, when it suddenly accelerated. Skid marks showed that Van Alfen tried to stop the vehicle as it exited I-80, according to police. The car went through a stop sign at the bottom of the ramp and through an intersection before hitting a wall. Van Alfen and his son's fiancee, Charlene Jones Lloyd, were killed. Van Alfen's wife and son were injured.

EE Times has confirmed with Michael Barr, CTO of Barr Group, who served as an expert witness in the Oklahoma trial, that he had done a software analysis on the Toyota vehicle in both the economic loss and Van Alfen cases.

The trial of another unintended acceleration case (Estate of Ida Starr St. John v. Toyota Motor Sales USA Inc. et al., No. 8:10-cv-01460), also part of the multidistrict litigation, had been scheduled to begin Tuesday in an Orange County, Calif., courtroom. However, that trial has been postponed until March. The Associated Press reported on Friday that US District Judge James Selna postponed the trial because of "court congestion."

Ida Starr St. John, 83 at the time of her accident, was driving a 2005 Toyota Camry in April 2009 when it suddenly accelerated on to the grounds of a Georgia elementary school. The vehicle crashed into the school's gymnasium. No children were injured, but the accident allegedly fractured several of St. John's vertebrae and left her with other injuries.

Legal people can easily jump on this issue since they understand what harm such an error can issue. But how about software? Fact is that they let us sign their 'terms of use' and then we finally meet how "well" the product will serve us as a user. What a shame. It is full of backdoors, often not working properly, does things we don't want and often has very bad value for money too.

As a hardware guy this development really really always has worried me. I can't do that. My boards (Electronics) always have to work.

I do wonder for years why this has gone wrong. The Toyota example is due to bad thought firmware design, so basically software. Bad software on lethal moving vehicles, something to worry about.

Maybe in 10 years we have to agree with 'terms of agreement' if we want to buy our cars...? Let me suggest not to go this way: It is better to get all legal to bad software design. This is where they should put their attention to, to give my 5 cents...

Pre-impact EDR download data is very limited in extent. A typical data download matrix in Bosch EDR format for the time before the crash might look like this:

The sampling is generally at 1 second intervals before the crash - in this case there are six samples.

Four variables are recorded against time: Speed, Brake Switch ON or OFF, Accelerator rate (a voltage related to the accelerator position) and Engine RPM

Engine RPM are recorded to the nearest 400 RPM, which means that engine RPM of 799 would be recorded as 400, whereas 800 RPM up to 1199 RPM would be recorded as 800 RPM

Whether the brake switch is ON or OFF is recorded, but not the brake pressure

Time is recorded with reference to impact, but absolute date and time of impact are not recorded.

This is a very sparse data matrix and only of limited use in determining what was going on before impact.

In an ideal world an automobile black box would record a number of other variables to allow cross checking. The sampling rate would be increased probably by a factor of about a thousand. The time scale would be extended back to perhaps half an hour before the crash and the record would be date and time stamped in some way. There would also be video recording. Amongst the most important variables recorded would be the system voltage and current, throttle PWM duty cycle and throttle angle. One might then get some idea as to whether Task X had been having a hissy fit at the kitchen sink.

The data recorder would have to be entirely independent of the Electronic throttle control and the CAN bus.

Toyota and other automobile manufacturers have been able to claim that a record such as the one above "proves" that the driver did not have their foot on the brake - ergo they must have had their foot on the accelerator pedal when they meant to put it on the brake. In other words, they use the EDR record to insinuate that the driver has been "startled" into making a pedal error. [This process of condemnation, it seems to me, is roughly equivalent to the medieval process of testing for witches with a ducking stool: if the wretched woman sank in the pond she was proven innocent but drowned anyway, and if she rose to the surface she was proven a witch and was burnt at the stake. Rather unfair, but guaranteed to get rid of witches.]

I have examined a number of EDR records and have written two reports that are in the public domain. In one particular case I have been able to compare EDR and video records and I could find no correlation whatsoever between the two. I would be very pleased to make these two reports available - they are not subject to any gagging order.

I was very interested to hear that:

"He (Michael Barr) also told EE Times that the expert group found that Toyota's black box can malfunction during unintended acceleration specifically, and this will cause the black box to falsely report no braking."

It explains my own findings! It would be interesting to know if anyone else has had a similar experience.
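The sampling limits described in the comment above, as an added example that is not part of the original comment and not any EDR vendor's code. It assumes each stored row is an instantaneous snapshot taken at -6 s to -1 s before impact; the trace layout, function names and input data are constructed for illustration.

```python
from dataclasses import dataclass

RPM_STEP = 400   # stored RPM resolution, per the comment (799 -> 400)
N_ROWS = 6       # six pre-crash rows, one per second

@dataclass
class Row:
    t: float         # seconds relative to impact
    speed: float
    brake_on: bool   # switch state only, no brake pressure
    accel_v: float   # accelerator-position voltage
    rpm: int         # value as stored, after quantisation

def record(trace, hz):
    """Reduce a high-rate trace (oldest first, last sample = impact) to rows.
    Assumption: each row is an instantaneous snapshot at -6 s ... -1 s."""
    rows = []
    for k in range(N_ROWS, 0, -1):
        speed, brake, accel_v, rpm = trace[len(trace) - 1 - k * hz]
        stored = (int(rpm) // RPM_STEP) * RPM_STEP
        rows.append(Row(float(-k), speed, brake, accel_v, stored))
    return rows

def rpm_bounds(row):
    """Range of true engine speeds that produce this stored value."""
    return row.rpm, row.rpm + RPM_STEP - 1

def brake_seconds(trace, hz):
    """Time the brake switch was actually ON in the high-rate trace."""
    return sum(1 for s in trace if s[1]) / hz

def constructed_trace(hz=100):
    """Constructed input: 6 s at `hz`; brake ON from -2.70 s to -2.10 s."""
    n = N_ROWS * hz + 1
    trace = []
    for i in range(n):
        centis = round((i - (n - 1)) * 100 / hz)   # time in 1/100 s
        brake = -270 <= centis <= -210
        rpm = 799 if centis < -300 else 1199
        trace.append((60.0, brake, 0.8, rpm))
    return trace

if __name__ == "__main__":
    trace = constructed_trace()
    for row in record(trace, 100):
        print(row, "true RPM in", rpm_bounds(row))
    print("brake actually ON for", brake_seconds(trace, 100), "s")
```

In this constructed trace the brake switch is ON for 0.61 s, yet every stored row reads OFF because the press falls between two sampling instants, and each stored RPM value stands for a 400 RPM wide range of true values.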

Stuxnet is now open source and configurable and could potentially be used by anyone.

"I just hate to think what the casual chip hacker can do to the operating parameters of a modern car EMU."

The mind boggles at the possibility of a chip hacker mixing a bit of scrambled egg with what was described in the Bookout case as "spaghetti" software. What would happen if they tried to reorganize the "kitchen sink" tasks as part of the tuning process?

"As a past assurance engineer for a very large fire protection agency, the ability for the wrong operating parameters to be loaded into fire alarms, caused me to order a change in the upgrading and loading software for the fire alarms we used."

You raise a very important issue. In any manufacturing organization design variation has to be controlled very carefully. I expect that Toyota will have the assembly process under pretty good control with the correct parts delivered to assembly points for the particular batch build. However, with software, change control may be more difficult.

I wonder how Toyota control the issue of upgrade software to their dealers and do they inform owners when a software upgrade has been done?

First and most shocking were the reports horrified drivers wrote about their runaway cars. Second were startling emails Toyota's engineers had sent each other. They were searching for UA's root causes, but they could not seem to find them.

They sometimes admitted it was the electronic parts, the engine computer, the software, or interference by radio waves. Meanwhile, efforts were made to find floor mats that would trap gas pedals and conveniently explain UA. The R&D chief admitted that incompletely developed cars had gone into production and that quality control of parts was poor or non-existent.

Third, I read many descriptions by executives and managers of how they had hoodwinked regulators, courts, and even Congress, by withholding, omitting, or misstating facts.

Last, and most damning, I found Toyota's press releases to be bland reassurances obviously meant to help maintain public belief in the safety of Toyota's cars—despite providing no evidence to support those reassurances. I saw a huge gap between the hard facts known by engineers and executives and the make-believe produced for public consumption by Toyota's PR department.

And there is just a plain mix up? I believe I read that Ariane 5 had Ariane 4 software loaded for its first time off? Even here it's not a mistake or an accident but a failure in process control.

As a past assurance engineer for a very large fire protection agency, the ability for the wrong operating parameters to be loaded into fire alarms, caused me to order a change in the upgrading and loading software for the fire alarms we used.

I just hate to think what the casual chip hacker can do to the operating parameters of a modern car EMU.

Am I paranoid or could I also worry about some software being sabotaged for state or commercial imperative?

@Crusty: Yes, there's nothing new under the sun. This story is an old one, as you say, especially for the automotive industry. Short memory syndrome and complacency---it is human nature after all.

It's precisely because of Ralph Nader's book and the way the American car manufacturers treated customers that generations of the American car-buying public had so much faith in basic quality and value of Japanese cars. Too bad Toyota squandered that good faith. Consumers had the impression that Japanese car makers had a built-in process that produced good cars -- cars you wouldn't have to take to the shop constantly -- and that wouldn't kill or injure you (you were still capable of getting yourself in trouble, in the wrong spot at the wrong time---but that's just the nature of driving a car).

That reputation for quality followed by good ratings was why Americans bought Toyota. This case definitely damages that reputation more than it would have if they fessed up in the beginning. Consumers often have longer, irrational memory: some people won't buy American because they remember the bad days of the industry, even though times may have changed.

As software becomes more complex and does more in cars, I hope software teams follow good processes for testing their code.

Yes, given that this has been happening for a number of years, even if infrequently, one wonders why the people involved in the design of this software didn't have second thoughts about their architecture. You know, while commuting to and from work, for instance. Even if the heavies didn't know, seems hard to believe that no one had one of those "oh sh**" moments, going back over the code. No?

@Susan: I have been following this article and threads and thought has come to me that this is not a new situation in the transport industry. It goes a long way back before software, I was looking up the worst all time cars and googled Ralph Nader who wrote a book called "Unsafe At Any Speed". I also know of buses that had power surges for no reason at all and railway safety has only been driven forward to safer practices by disasters.

One of the big problems is that corporations have a very short memory regarding how they came to a disaster, this is because the people who were there at the time of a disaster / design flaw move on or retire and the cycle starts again.

Is it possible to build in a management process to a company that learns from previous problems or wants to?

In reading this article, I felt sympathy for the people who died and their families. Toyota could have made it simpler on them and admitted the problem had to do with software. They had to recall the vehicles anyways.